Method and system for encryption-based design obfuscation for an integrated circuit

ABSTRACT

Encryption-based design obfuscation for an integrated circuit includes creating multiple functional circuit paths for an integrated circuit design and selecting among the multiple functional circuit paths during scan testing. Encrypting selection data corresponding to an intended function of the integrated circuit design avoids revealing the intended function as a result of the scan testing.

FIELD OF THE INVENTION

The present invention relates to securing circuit design, and more particularly to encryption-based design obfuscation for integrated circuit designs.

BACKGROUND OF THE INVENTION

The development of integrated circuits (ICs) has become increasingly complex, due in large part to the ever increasing functionality offered by newly developed circuitry. Integrated circuits continue to surpass milestones in development, as more and more functionality is packaged into smaller sizes. This enhanced functionality and the greater number of transistors packaged in an integrated circuit requires more rigorous testing requirements to insure reliability once the device is commercialized. Thus, new integrated circuit designs are repeatedly tested and debugged during the development process to minimize the number and severity of errors that may subsequently arise. Regardless of the rigor of the developmental testing, invariably a certain percentage of manufactured devices will fail prematurely.

Thus, a problem existing in the semiconductor industry is in the testing of manufactured chips. Even assuming a good, error-free logic design, it is well known that various faults and errors can enter into the production process, which can result in functional defects in a manufactured chip. These faults can enter through a variety of causes in the numerous manufacturing process steps and can affect any of the different gates, switches or lines on the chip. To prevent such devices from being sold or used in systems, typically some level of testing is performed on manufactured chips to identify those that may fail prematurely.

A number of different types of testing have been used to minimize the possibility of premature failure of manufactured chips. One of the more popular types of testing is scan testing. Scan testing is a well recognized design-for-test (“DFT”) technique used for addressing certain testing problems in very large scale integrated (“VLSI”) circuits. A full scan design technique transforms a given sequential circuit into a combinational circuit and shift register (referred to as a scan register) for the purpose of testing. This transformation makes it possible to obtain almost complete fault coverage using an Automatic Test Pattern Generation (“ATPG”) program. Typically, as part of the scan test, large circuits are partitioned into smaller combinational circuits to facilitate fault isolation and failure analysis.

The scan design technique implements all or most of the state elements in the device under test, such as flip-flops and latches, as scannable flip-flops, which often are referred to as scan-flops. An ATPG program can treat the state elements as pseudo inputs and outputs of the device. During typical testing, a scan-path is first tested by shifting a simple sequence of 1s and 0s through chained scan-flops. The ATPG program then generates test vectors that are applied to test the combinational logic. The device then returns to normal operational mode, typically for one clock cycle, to capture the response of the combinational circuit in the scan-flops. The captured response is unloaded via the scan-path and, at the same time, the state element values corresponding to the next test vector are loaded. This testing sequence repeats until all test vectors are applied.

Tools exist to help evaluate resulting data from the scan test and identify path(s)/logic gate(s) exhibiting stuck-at faults. While such analysis tools can provide a level of assistance in isolating faults, they also create a level of vulnerability, since use of such tools allows for reverse engineering of the integrated circuit design.

A need exists, therefore, for design obfuscation for an IC, including during scan testing. The present invention addresses such a need.

BRIEF SUMMARY OF THE INVENTION

Aspects of encryption-based design obfuscation for an IC are described. Encryption-based design obfuscation for an integrated circuit includes creating multiple functional circuit paths for an integrated circuit design and selecting among the multiple functional circuit paths during scan testing. Encrypting selection data corresponding to an intended function of the integrated circuit design avoids revealing the intended function as a result of the scan testing.

With the encryption-based design obfuscation of the present invention, the circuit function intended as a circuit design cannot be determined without knowledge of the encrypted select register data. Without the ability to determine the intended function, reverse engineering via scan test analysis is prevented. The present invention achieves this security while supporting scan testing for fault coverage of a circuit design in a straightforward and effective manner. These and other advantages of the aspects of the present invention will be more fully understood in conjunction with the following detailed description and accompanying drawings.

BRIEF DESCRIPTION OF SEVERAL VIEWS OF THE DRAWINGS

FIG. 1 illustrates a block diagram of an encryption based design obfuscation for an integrated circuit in accordance with the present invention.

FIG. 2 illustrates a block diagram of the encryption based obfuscation design including a tamper detect block.

DETAILED DESCRIPTION OF THE INVENTION

The present invention relates to encryption-based design obfuscation for an integrated circuit. The following description is presented to enable one of ordinary skill in the art to make and use the invention and is provided in the context of a patent application and its requirements. Various modifications to the preferred embodiment and the generic principles and features described herein will be readily apparent to those skilled in the art. Thus, the present invention is not intended to be limited to the embodiments shown but is to be accorded the widest scope consistent with the principles and features described herein.

FIG. 1 illustrates a block diagram of encryption based design obfuscation for an integrated circuit that avoids revealing the design/reverse engineering as a result of scan testing in accordance with the present invention. A 4:1 MUX (multiplexer) 25 is inserted for use with every flip-flop 26 in the scan test. One input connection of MUX 25 is for the actual functional path of the circuit logic 30 and three input connections can provide valid functional inputs but are not part of the functional path. An n-bit select register 27 is also provided. The number of functional circuits created is 2^(n). Thus, if n=10, 1024 circuits that are deterministic (and non-trivial) input to output functions are provided. However, only one of those circuits is the intended function for the actual design.

In order to secure the design, the intended function selection data is encrypted with an encryptor 29, e.g., an encryption algorithm, such as DES (data encryption standard). The encrypted data provides the selection data for the one intended function that the design developer knows, but which the device tester does not know. Since other selection data selects a functional circuit input, scan testing can still be achieved for fault coverage without revealing actual intended device function. This could allow sensitive (ITAR) designs to be assembled and tested in non-ITAR compliant locations.

Through the utilization of encrypted selection data in accordance with the present invention, the circuit function intended for the design cannot be determined without knowledge of the encrypted select register data. Without the ability to determine the intended function, reverse engineering is prevented. Further, in a preferred embodiment, the register select value for the intended function is lost if power is removed, resulting in all 2^(n) circuits being equally probable for selection. FIG. 2 illustrates the block diagram of the encryption based obfuscation design including a tamper detect block 31. If the power is lost, the circuit will probably be disabled (1 chance in 2^(n) of powering up in operational state). Use of a power on reset circuit, and adding a reset function to the n-bit register 27 will guarantee powering up in a non-operational mode. In addition, if the tamper detection block 31 is added to the device or system, conditions such as overvoltage, undervoltage, illegal clock frequency, or sudden temperature change, can be used to reset the n-bit select register to a false state even while operating. If this occurs, the device continues to operate, in a benign fashion, with no apparent indication that tamper detection has occurred. Thus, the ‘real’ circuit can be disabled in the case of tamper detection. In addition, the selection bits do not have to be unique but can be shared among the registers in a circuit design, as is well appreciated by those skilled in the art.
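
The following behavioural model is an added example, not part of the patent: it simulates the mechanism described above (a 4:1 MUX per flip-flop, an n-bit select register, scan capture, and a tamper reset to a false state). The three-flop circuit, its candidate functions, `REAL_SELECT` and the reset value `FALSE_SELECT` are constructed assumptions, and the encryptor 29 is not modelled.

```python
import itertools

# Constructed 3-flop design (not from the patent): each flip-flop's 4:1 MUX
# chooses among four valid next-state functions of the state q = (q0, q1, q2).
CANDIDATES = [
    [lambda q: q[1] ^ q[2], lambda q: q[1] & q[2], lambda q: q[1] | q[2], lambda q: 1 - q[1]],
    [lambda q: q[0] | q[2], lambda q: q[0] ^ q[2], lambda q: 1 - q[2], lambda q: q[0] & q[2]],
    [lambda q: 1 - q[0], lambda q: q[0] & q[1], lambda q: q[0] ^ q[1], lambda q: q[0] | q[1]],
]
N_BITS = 2 * len(CANDIDATES)   # n-bit select register, 2 select bits per MUX
REAL_SELECT = 0b10_01_11       # constructed "intended function" select value
FALSE_SELECT = 0               # assumed reset/tamper value, differs from REAL_SELECT

def mux_indices(select):
    """Split the select register into one 2-bit MUX select per flip-flop."""
    return [(select >> (2 * i)) & 0b11 for i in range(len(CANDIDATES))]

def capture(select, state):
    """One functional clock: every flop captures its MUX-selected path."""
    return tuple(CANDIDATES[i][s](state) for i, s in enumerate(mux_indices(select)))

def scan_test(select):
    """Scan-load each state, clock once, scan-unload: full response table."""
    states = itertools.product((0, 1), repeat=len(CANDIDATES))
    return {st: capture(select, st) for st in states}

def distinct_functions():
    """Number of different input-to-output functions over all 2^n selects."""
    tables = {tuple(sorted(scan_test(s).items())) for s in range(1 << N_BITS)}
    return len(tables)

class Device:
    """Select register with power-on reset and tamper reset."""

    def __init__(self):
        self.select = FALSE_SELECT      # powers up in a non-operational mode

    def load_select(self, value):
        self.select = value & ((1 << N_BITS) - 1)

    def tamper_event(self):
        self.select = FALSE_SELECT      # keeps running, but on a decoy function

    def step(self, state):
        return capture(self.select, state)
```

Every select value yields a complete, deterministic response table, so a scan test run with any value still exercises the MUX inputs and flip-flops without identifying which table is the intended one.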

Although the present invention has been described in accordance with the embodiments shown, one of ordinary skill in the art will readily recognize that there could be variations to the embodiments and those variations would be within the spirit and scope of the present invention. For example, although DES is described for use as the encryption algorithm, other encryption algorithms may be used according to design needs, as is well understood in the art. Accordingly, many modifications may be made by one of ordinary skill in the art without departing from the spirit and scope of the appended claims.

1. A method for encryption-based design obfuscation for an integrated circuit, the method comprising: creating multiple functional circuit paths for an integrated circuit design; selecting among the multiple functional circuit paths during scan testing; and encrypting selection data corresponding to an intended function of the integrated circuit design to avoid revealing the intended function as a result of the scan testing.
2. The method of claim 1 wherein selecting further comprises selecting with an n-bit select register.
3. The method of claim 2 wherein encrypting selection data further comprises encrypting the data of the n-bit select register with a data encryption standard (DES) algorithm.
4. The method of claim 2 wherein creating multiple functional paths further comprises creating 2^(n) functional paths.
5. The method of claim 1 wherein the encrypted selection data is lost upon circuit tamper detection.
6. The method of claim 5 wherein loss of the encrypted circuit selection data results in an equal probability of selection of each of the multiple functional paths.
7. The method of claim 1 wherein creating multiple functional paths further comprises creating a plurality of deterministic, non-trivial, input to output functions.
8. A system for encryption-based design obfuscation for an integrated circuit, the system comprising: functional path logic of an integrated circuit; a selection device for storing selection data to direct selection of one of a plurality of circuit designs for the functional path logic; and an encryptor for encrypting selection data corresponding to an intended function of the integrated circuit, wherein potential reverse engineering of the intended function as a result of scan testing is avoided.
9. The system of claim 8 wherein the selection device further comprises an n-bit select register.
10. The system of claim 9 wherein the selection device further stores encrypted selection data from the encryptor as data encrypted in accordance with a data encryption standard (DES) algorithm.
11. The system of claim 9 wherein the selection device further directs selection of one of 2^(n) circuit designs.
12. The system of claim 8 wherein the selection device loses the encrypted selection data upon circuit tamper detection.
13. The system of claim 12 wherein loss of the encrypted selection data results in an equal probability of selection of each of the plurality of circuit designs.
14. The system of claim 8 wherein each of the plurality of circuit designs further comprises a deterministic, non-trivial, input to output functional circuits.
15. A method for encryption-based design obfuscation for an integrated circuit, the method comprising: encrypting data that identifies an intended function for an integrated circuit design; and selecting the intended function from a plurality of functions based on the encrypted data.
16. The method of claim 15 wherein the encrypted data further comprises encrypted data in an n-bit select register.
17. The method of claim 16 wherein selecting the intended function further comprises selecting the intended function from 2^(n) functions.
18. The method of claim 15 further comprising losing the encrypted data upon tamper detection to result in equal probability for selection of each of the plurality of functions.